<?php
/*
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
  Copyright (C) 2003-2010  Cajus Pollmeier
  Copyright (C) 2011-2018  FusionDirectory
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
class passwordRecovery extends standAlonePage
  /* LDAP attribute used to identify the user (config passwordRecoveryLoginAttribute, default 'uid') */
  protected $loginAttribute;
  /* Login read from the request (GET/POST 'login'); also used as the ou of the token entry */
  protected $login;
  /* Email address read from the request (GET/POST 'email_address') */
  protected $email_address;
  /* Error messages collected while processing the request, shown by msg_dialog::displayChecks */
  protected $message;
  /* Current step of the recovery dialog, starts at 1 */
  protected $step;
  /* Salt needed to mask the uniq id in the ldap (config passwordRecoverySalt) */
  protected $salt;
  /* Delay allowed for the user to change his password (minutes, config passwordRecoveryValidity) */
  protected $delay_allowed;
  /* Sender (config passwordRecoveryEmail) */
  protected $from_mail;
  /* Templates of the first mail (token) and second mail, read from the config */
  protected $mail_body;
  protected $mail_subject;
  protected $mail2_body;
  protected $mail2_subject;
  /* Whether alternate addresses may be used (config passwordRecoveryUseAlternate) */
  protected $usealternates;
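  /* Initialise the page: start at step 1 and read the login and email
   * address from the request. GET values win over POST values when both
   * are present; both properties always end up as strings. */
  function init ()
  {
    parent::init();
    $this->step     = 1;
    $this->message  = [];
    /* Email address: non-empty GET value first, then POST, else empty
     * (the else branch keeps the property a string, as for login) */
    if (isset($_GET['email_address']) && ($_GET['email_address'] !== '')) {
      $this->email_address = validate($_GET['email_address']);
    } elseif (isset($_POST['email_address'])) {
      $this->email_address = validate($_POST['email_address']);
    } else {
      $this->email_address = '';
    }
    /* Check for selected user... */
    if (isset($_GET['login']) && ($_GET['login'] !== '')) {
      $this->login = validate($_GET['login']);
    } elseif (isset($_POST['login'])) {
      $this->login = validate($_POST['login']);
    } else {
      $this->login = '';
    }
  }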
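/* Handle the submitted form (POST) or the token link (GET) and run the
 * matching recovery step. Does nothing while recovery is not activated. */
function save_object ()
{
  if (!$this->activated) {
    return;
  }
  /* Got a form answer: validate it and run the matching step */
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    /* Keep the session alive while the user works through the steps */
    if (session::is_set('_LAST_PAGE_REQUEST')) {
      session::set('_LAST_PAGE_REQUEST', time());
    }
    if (isset($_POST['change'])) {
      $this->step4();
    } elseif (isset($_POST['apply'])) {
      $email = (isset($_POST['email_address']) ? $_POST['email_address'] : '');
      /* Missing, empty or non-scalar values are reported instead of reading an unset key */
      if (!is_string($email) || ($email === '')) {
        $this->message[] = msgPool::required(_('Email address'));
        return;
      }
      /* Sanitise the value the same way init() does for the request values */
      $this->email_address = validate($email);
      $this->step2();
      if ($this->step == 2) {
        /* No errors */
        $this->step3();
      }
    }
  } elseif ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (isset($_GET['uniq'])) {
      $this->step4();
    }
  }
}

/* Process the request, render the recovery page for the current step and
 * end the request (never returns). */
function execute ()
{
  $this->save_object();
  /* Do we need to show error messages? */
  if (count($this->message) != 0) {
    /* Show error message and continue editing */
    msg_dialog::displayChecks($this->message);
  }
  @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->step, "Step");
  $smarty = get_smarty();
  $this->assignSmartyVars();
  $smarty->append('js_files', 'include/pwdStrength.js');
  $smarty->append('css_files', get_template_path('login.css'));
  $smarty->assign('title', _('Password recovery'));
  $smarty->display(get_template_path('headers.tpl'));
  /* Values the recovery template needs to pick the right step */
  $smarty->assign('step', $this->step);
  $smarty->assign('delay_allowed', $this->delay_allowed);
  $smarty->assign('activated', $this->activated);
  $smarty->assign('email_address', $this->email_address);
  $smarty->display(get_template_path('recovery.tpl'));
  exit();
}

/* Check that password recovery is activated, read config in ldap
 * Fills the salt, validity delay, mail templates, sender and login
 * attribute from the configuration.
 * Returns a boolean saying if password recovery is activated */
function readLdapConfig ()
{
  global $config;
  $this->salt           = $config->get_cfg_value('passwordRecoverySalt');
  $this->delay_allowed  = $config->get_cfg_value('passwordRecoveryValidity');
  $this->mail_subject   = $config->get_cfg_value('passwordRecoveryMailSubject');
  $this->mail_body      = $config->get_cfg_value('passwordRecoveryMailBody');
  $this->mail2_subject  = $config->get_cfg_value('passwordRecoveryMail2Subject');
  $this->mail2_body     = $config->get_cfg_value('passwordRecoveryMail2Body');
  $this->from_mail      = $config->get_cfg_value('passwordRecoveryEmail');
  $this->usealternates  = $config->get_cfg_value('passwordRecoveryUseAlternate');
  /* Falls back to uid when no login attribute is configured */
  $this->loginAttribute = $config->get_cfg_value('passwordRecoveryLoginAttribute', 'uid');
  @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $config->get_cfg_value('passwordRecoveryActivated'), "passwordRecoveryActivated");
  return ($config->get_cfg_value('passwordRecoveryActivated') == "TRUE");
}

/* Store the recovery token for $this->login in the token branch of the LDAP.
 * Only a salted SHA1 hash of the token is written, together with its
 * expiry time, so the clear-text token exists only in the recovery mail.
 * $temp_password: clear-text token (assumed to be a random value generated
 *                 by the caller — TODO confirm; the fixed salt on its own
 *                 does not protect a guessable token)
 * Returns '' on success, or the error message built by msgPool::ldaperror */
function storeToken ($temp_password)
{
  global $config;
  /* Store it in ldap with the salt */
  $salt_temp_password = $this->salt.$temp_password.$this->salt;
  $sha1_temp_password = "{SHA}".base64_encode(pack("H*", sha1($salt_temp_password)));
  $ldap = $config->get_ldap_link();
  // Check if token branch is here
  $token = get_ou('recoveryTokenRDN').get_ou('fusiondirectoryRDN').$config->current['BASE'];
  $ldap->cat($token, ['dn']);
  if (!$ldap->count()) {
    /* It's not, let's create it */
    $ldap->cd($config->current['BASE']);
    $ldap->create_missing_trees($token);
    if (!$ldap->success()) {
      return msgPool::ldaperror($ldap->get_error(), $token, LDAP_MOD, get_class());
    }
    fusiondirectory_log("Created token branch ".$token);
  }
  /* The login becomes the RDN value of the token entry, so it must be
   * DN-escaped (RFC 4514); the ou attribute value below stays raw. */
  $dn = 'ou='.ldap_escape($this->login, '', LDAP_ESCAPE_DN).','.$token;
  $ldap->cat($dn, ['dn']);
  $add = ($ldap->count() == 0);
  /* We store the token and its validity due date (unix time) */
  $attrs = [
    'objectClass'   => ['organizationalUnit'],
    'ou'            => $this->login,
    'userPassword'  => $sha1_temp_password,
    'description'   => time() + $this->delay_allowed * 60,
  ];
  $ldap->cd($dn);
  if ($add) {
    $ldap->add($attrs);
  } else {
    $ldap->modify($attrs);
  }
  if (!$ldap->success()) {
    /* Report the operation that actually failed (add or modify) */
    return msgPool::ldaperror($ldap->get_error(), $dn, ($add ? LDAP_ADD : LDAP_MOD), get_class());
  }
  /* Everything went well */
  return '';
}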
function checkToken ($token) { global $config; $salt_token = $this->salt.$token.$this->salt; $sha1_token = "{SHA}".base64_encode(pack("H*", sha1($salt_token)));